Description

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.

Remediation

References

CVE-2022-48566

Related Vulnerabilities

WordPress Plugin WordPress Book List Arbitrary File Upload (5.0.11)

WordPress Plugin myCred-Points, Rewards, Gamification, Ranks, Badges & Loyalty SQL Injection (2.2)

Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-35613)

Oracle Database Server Resource Management Errors Vulnerability (CVE-2007-5506)

WordPress Plugin 1-click Retweet/Share/Like Cross-Site Scripting (5.2)

Severity

High

Classification

CVE-2022-48566 CWE-362 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities